SOP-10: Business Email Compromise (BEC) Response
SOC analyst SOP for BEC — inbox rule abuse, AiTM phishing, OAuth consent grants, account takeover response, wire transfer fraud detection, KQL for Defender/Sentinel, SPL for Splunk, M365/Entra ID containment.
Rudra Verma, Senior Security Architect & Researcher